Threat Hunting / Digital Forensics

Course Description:

This course provides a hands-on first look at some of the tools, techniques, and procedures used for network based forensics and threat hunting. Attacks by basic to advanced threat actors will leave artifacts that can be detected. The malware they use must communicate somehow over the network for Command and Control (C2) and data exfiltration. We will study collectinging and correlating current and historic pcap-based network data with host and network generated logs to create a profile of an attack for post-incident investigations and reporting or proactive threat hunting.

Open source tools include: Security Onion 2.0 [Hunt, Kibana, Cyber Chef,  Network Miner, etc…]

NOTE: This class will be broadcast live via WebEx – attendees should expect to login in to the class and participate at the times scheduled.

Prerequisite:  Basic understanding of Linux operating system.

About the Instructor

Mike Masino has been an Information Technology instructor at Madison Area Technical College since 2004. Mike has eleven years of experience previously working first as an integrated control systems developer and later as systems Administrator for the University of Wisconsin Extension. Mike holds an Associate in Applied Science degree in Electronics Engineering, as well as Bachelors and Masters Degrees in Computer Science. Mike’s industry certifications include:  Microsoft: MCSE, MCP + I (Win NT 4.0/ Win2000) / Cisco:  CCNA, CCAI / CompTIA:  A+. Security+, Network + / SANS:  GCIH, GCFA, GCIA (current member of GIAC advisory board)